September 17, 2021 - Blog
MS Outlook compromises user privacy targeted by malware
On Sunday a blogger from Beijing posted evidence that Microsoft’s web applications, including Outlook and OneDrive, were revealing potentially sensitive information about their users. Since confirmed by a number of media organizations, these Microsoft services are sending information to users with a unique numerical identifier (CID) which is unencrypted and visible to anyone who may want to monitor their web traffic. The revelation of a unique identifier in plain text is problematic as it has the potential to compromise a user’s private information, such as their account picture, display name, etc. Additionally, the same vulnerability can be used to expose information associated with the Live Calendar application, including a user’s location. There is also the additional concern that a unique identifier, such as the one used by Microsoft’s web services, could be used to track a user across various internet services. A unique identifying number such as the one issued by Microsoft could be correlated with other network traffic to track a user across the internet even when efforts are made to remain anonymous.
In additional news about Microsoft’s web applications Cybereason, a network security startup, uncovered an advanced form of malware designed to attack large organizations. The malware targets the Outlook Web Application mail server used by employees to access their inboxes remotely. Once it infects the mail server utilized by Outlook, it collects login credentials from the targeted company. Cybereason’s report explains why the Outlook Web Application server created the vulnerability: “Contrary to other web servers that typically have only a web interface, OWA is unique: it is a critical internal infrastructure that also faces the Internet, making it an intermediary between the internal, allegedly protected DMZ, and the web. The customer was using OWA to enable remote user access to Outlook. This configuration of OWA created an ideal attack platform because the server was exposed both internally and externally.”
According to Litmus Analytics, Microsoft Outlook still has a considerable market share despite competition from Google and Apple. Outlook and it’s web based version are the 6th and 7th most popular email applications in use today. Microsoft has not made an official statement regarding either one of these issues.